Narrow (wide) character string passed to wide (narrow) string function
This defect occurs when you pass a narrow character string to a wide string function, or a wide character string to a narrow string function.
Misuse of a narrow or wide character string raises no defect on operating systems where narrow and wide character strings have the same size.
Using a narrow character string with a wide string function, or vice versa, can result in unexpected or undefined behavior.
If you pass a wide character string to a narrow string function, you can encounter these issues:
Data truncation. If the string contains null bytes, a copy operation using strncpy() can terminate early.
Incorrect string length. strlen() returns the number of characters of a string up to the first null byte. A wide string can have additional characters after its first null byte.
If you pass a narrow character string to a wide string function, you can encounter this issue:
Buffer overflow. In a copy operation using wcsncpy(), the destination string might have insufficient memory to store the result of the copy.
Use the narrow string functions with narrow character strings. Use the wide string functions with wide character strings.
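The truncation and length issues above, next to the matching wide-string and conversion calls, as an added example that is not part of the original page. All function names are hypothetical; it assumes wchar_t is wider than char, ASCII-range text, and that mbstowcs() with a null destination returns the required length (POSIX, glibc and MSVC behaviour).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Misuse flagged by the checker: strlen() walks bytes and stops at the first
   zero byte, which lies inside the first wchar_t of an ASCII-range string. */
size_t narrow_view_length(const wchar_t *ws) {
    return strlen((const char *)ws);
}

/* Misuse: strncpy() stops at the same zero byte and pads the rest with zeros,
   so only a fragment of the wide string reaches dst. Returns wcslen(dst). */
size_t truncated_copy_length(wchar_t *dst, size_t dst_count, const wchar_t *ws) {
    if (dst_count == 0) return 0;
    strncpy((char *)dst, (const char *)ws, dst_count * sizeof(wchar_t));
    dst[dst_count - 1] = L'\0';
    return wcslen(dst);
}

/* Corrected: wide function, bounded by the destination's element count. */
int copy_wide(wchar_t *dst, size_t dst_count, const wchar_t *ws) {
    size_t n = wcslen(ws);
    if (dst_count == 0 || n >= dst_count) return -1;  /* would not fit */
    wmemcpy(dst, ws, n + 1);                          /* includes terminator */
    return 0;
}

/* Corrected: convert a narrow string instead of passing it to wcsncpy().
   Assumption: mbstowcs(NULL, s, 0) reports the wide characters needed. */
int narrow_to_wide(wchar_t *dst, size_t dst_count, const char *s) {
    size_t n = mbstowcs(NULL, s, 0);
    if (n == (size_t)-1 || n >= dst_count) return -1; /* invalid or too long */
    mbstowcs(dst, s, dst_count);
    return 0;
}

int main(void) {
    const wchar_t *ws = L"text";  /* constructed sample input */
    wchar_t buf[8];
    printf("wcslen=%zu strlen-view=%zu\n", wcslen(ws), narrow_view_length(ws));
    printf("after strncpy: %zu wide chars\n", truncated_copy_length(buf, 8, ws));
    printf("copy_wide=%d narrow_to_wide=%d\n",
           copy_wide(buf, 8, ws), narrow_to_wide(buf, 8, "text"));
    return 0;
}
```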
Group: Programming
Language: C | C++
Default: Off
Command-Line Syntax: NARROW_WIDE_STR_MISUSE
Impact: High
CWE ID: 135
Array access out of bounds | Destination buffer overflow in string manipulation | Find defects (-checkers) | Invalid use of standard library routine | Invalid use of standard library string routine | Pointer access out of bounds | Unreliable cast of function pointer | Wrong allocated object size for cast